[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suid-perl



Previously Jules Bean wrote:
> suid bits are insecure, full-stop.  Given that we have a sufficiently bad
> (in particular, coarse-grained) security model that we need them, there
> doesn't seem to be any particular value in restricting them to
> executables.

Now that we have the 2.2 kernel we actually have a much more
fine-grained system using the new capabilities and credential-passing
stuff in the kernel. The only major things that seems to be lacking is a
good capd which can give the credentials. From what I hear
capability-flags will also be part of the next version of ext2fs
(ext3fs?). 

Wichert.

-- 
==============================================================================
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgpWRRZVeK5I4.pgp
Description: PGP signature


Reply to: